DETAILED ACTION



Claim Objections 



1. Claims 1, 11, 21, 24 and 27 are objected to because of the following
informalities: 

a. As to claims 1 and 21, line 4 recites "providing a cache for temporarily
storing" which states the "intended use" of a database. Function(s) following the term 
"for" indicate "system ability" and/or "intended use" and do(es) not hold patentable 
weight. 

b. As to claims 11 and 24, line 5 recites "providing a cache for temporarily
storing" which states the "intended use" of a database. Function(s) following the term 
"for" indicate "system ability" and/or "intended use" and do(es) not hold patentable 
weight. 

c. As to claim 27, line 4 recites "a database management system in a 
computer system for receiving a query". Also, lines 6-7 recite "a cache [...] for 
temporarily storing a cache entry". The use of the word "for" states the "intended use" of 
a database. Function(s) following the term "for" indicate "system ability" and/or 
"intended use" and do(es) not hold patentable weight. 



Appropriate correction is required. 
Specification



2. The specification is objected to as failing to provide proper antecedent basis for 
the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction
of the following is required: claims 11 and 24 recite the limitation "computer readable
medium". There is insufficient antecedent basis for this claim. The specification does not 
teach any definition of "computer readable medium" or "media" in general. Appropriate 
correction is required. 



Claim Rejections - 35 USC § 101 



3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

4. Claims 1, 11, 21, 24 and 27 are rejected under 35 U.S.C. 101 because the result 
of "determining" does not produce a tangible result. The step of determining as recited 
in the claim is nothing more than a thought or a computation within a processor. What is 
determined is neither used nor made available for use to enable its usefulness in the 
disclosed practical application to be realized. 
Claim Rejections - 35 USC § 102

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

6. Claims 1-31 are rejected under 35 U.S.C. 102(b) as being anticipated by Damiani 
et al. ("Design and implementation of an access control processor for XML documents", 
Published in "Computer Networks", Vol. 33, Issues 1-6, Pages 59-75. Available online
at http://vwwv.sciencedi

Y&_cdi=6234&_user=2502287&_orig=browse&_coverDate=06%2F30%2F2000&_sk=9 
99669998&view=c&wchp=dGLbVlb- 

zSkzk&md5=ccc8253d4443baa1b88aed3a8262a7b9&ie=/sdarticle.pdf). 

As to claim 1, Damiani et al. teaches a method for performing path-level access
control evaluation for a structured document in a collection, wherein the structured 
document comprises a plurality of nodes and each of the nodes is described by a path 
(see page 63, section 3.1, "Identifying authorization objects via path expressions"), the 
method comprising the steps of: 

a) providing a cache (see page 68, section 5.3, "Performance and caching") for 
temporarily storing a cache entry for a path associated with a node of the plurality of 
nodes (see page 65, section 3.1, "Identifying authorization objects via path
expressions"); 

b) receiving a query, wherein the query comprises a request to access the node 
(see page 67, section 5, "Design and implementation guidelines", paragraph 2, lines 6-9);

c) checking the cache entry for the path associated with the node (see page 66, 
section 4, "Authorization enforcement", lines 10-13 and page 68, section 5.3, 
"Performance and caching", lines 11-12); and 

d) determining whether to grant access to the node based on the cache entry 
(see page 66, section 4, "Authorization enforcement", lines 1-5). 

As to claims 2, 12 and 28, Damiani et al. teaches wherein the cache entry is one 
of a grant (see page 66, section 4, "Authorization enforcement", line 32, "'+' 
(permission)"), deny ("'-' (denial)"), unknown (line 33, "'ε' (no authorization)") and
data-dependent statement (see page 63, section 3, "Authorizations", bullet-point 1, where
"data-dependent statement" is read on "specific documents"). 

As to claims 3 and 13, Damiani et al. teaches wherein determining step (d)
further comprising: 

(d1) granting access to the node if the cache entry is a grant statement (see 
page 66, section 4, "Authorization enforcement", lines 1-5). 
As to claims 4 and 14, Damiani et al. teaches wherein determining step (d)
further comprising: 

(d1) denying access to the node if the cache entry is a deny statement (see page 
66, section 4, "Authorization enforcement", lines 1-5). 

As to claims 5 and 15, Damiani et al. teaches wherein determining step (d) 
further comprising: 

(d1) evaluating an access control policy for the structured document affecting the 
path if the cache entry is an unknown statement (see page 68, section 5.3, 
"Performance and caching", line 1 - page 69, line 5); 

(d2) granting access if a result of the evaluation in step (d1) grants access (see 
page 66, section 4, "Authorization enforcement", lines 1-5); and 

(d3) denying access if the result of the evaluation in step (d1) denies access (see 
page 66, section 4, "Authorization enforcement", lines 1-5). 

As to claims 6 and 16, Damiani et al. teaches further comprising: 

(e) determining whether the access control policy affecting the path is data- 
dependent (see page 63, section 3, "Authorizations", bullet-point 1, where "data- 
dependent" is read on "instance"); 

(f) changing the cache entry from the unknown statement to a grant or a deny 
statement based on the evaluation in step (d1) if the access control policy affecting the 
path is not data-dependent (see page 68, section 5.3, "Performance and caching", line 1
- page 69, line 5); and 

(g) changing the cache entry from the unknown statement to a data-dependent 
statement if the access control policy affecting the path is data-dependent (see page 68, 
section 5.3, "Performance and caching", line 1 - page 69, line 5). 

As to claims 7 and 17, Damiani et al. teaches wherein determining step (d) 
further comprising: 

(d1) evaluating an access control policy for the structured document affecting the 
path if the cache entry is a data-dependent statement (see page 63, section 3, 
"Authorizations", bullet-point 1, where "data-dependent" is read on "instance"); 

(d2) granting access if a result of the evaluation in step (d1) grants access (see 
page 66, section 4, "Authorization enforcement", lines 1-5); and 

(d3) denying access if the result of the evaluation in step (d1) denies access (see 
page 66, section 4, "Authorization enforcement", lines 1-5). 

As to claims 8 and 18, Damiani et al. teaches further comprising:

(e) repeating checking and determining steps (c) and (d) for a next node (See
page 69, lines 2-5, section 5.3, "Performance and caching". The entire document is
transformed, so each node must be transformed).
As to claims 9 and 19, Damiani et al. teaches wherein evaluating step (d1)
further comprises: 

(d1i) evaluating a value expression for the path associated with the node, 
wherein the value expression is an executable statement based on the access control 
policy affecting the path and indicates who has access to the node (see page 70, 
section 6.1, "The role of encryption"). 

As to claims 10 and 20, Damiani et al. teaches wherein checking and 
determining steps (c) and (d) are performed during a run time (See page 68, section 
5.2, "Execution phases", column 2, final paragraph. It is implied that the execution steps 
take place on-demand; that is, at run-time.). 

As to claim 11, Damiani et al. teaches a computer readable medium containing
programming instructions for performing path-level access control evaluation for a 
structured document in a collection, wherein the structured document comprises a 
plurality of nodes and each of the nodes is described by a path (see page 63, section 
3.1, "Identifying authorization objects via path expressions"), the programming 
instructions for: 

For the remaining steps of this claim applicant(s) is/are directed to the remarks 
and discussions made in claim 1 above. 
As to claim 21, Damiani et al. teaches method for performing path-level access
control evaluation for a structured document in a collection, wherein the structured 
document comprises a plurality of nodes and each of the nodes is described by a path 
(see page 63, section 3.1, "Identifying authorization objects via path expressions"), the 
method comprising the steps of: 

a) providing a cache for temporarily storing a cache entry for a path associated 
with a node of the plurality of nodes (see Examiner's comments regarding claim 1), 
wherein the cache entry is one of a grant, deny, unknown and data-dependent 
statement (see Examiner's comments regarding claim 2); 

b) receiving a query, wherein the query comprises a request to access the node 
(see Examiner's comments regarding claim 1); 

c) checking the cache entry for the path associated with the node (see 
Examiner's comments regarding claim 1); 

d) granting access to the node if the cache entry is a grant statement (see 
Examiner's comments regarding claim 3); 

e) denying access to the node if the cache entry is a deny statement (see 
Examiner's comments regarding claim 4); and 

f) determining access control if the cache entry is an unknown or data-dependent 
statement (see Examiner's comments regarding claim 6). 

As to claims 22 and 25, Damiani et al. teaches wherein the determining step (f) 
further comprising: 
f1) evaluating a value expression for the path associated with the node, wherein
the value expression is an executable statement based on an access control policy 
affecting the path and indicates who has access to the node (see page 70, section 6.1, 
"The role of encryption"); 

f2) granting or denying access to the node based on a result of the evaluation in 
step (f1) (see page 66, section 4, "Authorization enforcement", lines 1-5); 

f3) changing the cache entry to a grant or deny statement based on the result of 
the evaluation in step (f1) if the access control policy affecting the path is not data- 
dependent (see page 68, section 5.3, "Performance and caching", line 1 - page 69, line 
5); and 

f4) changing the cache entry to a data-dependent statement if the access control 
policy affecting the path is data-dependent (see page 68, section 5.3, "Performance and 
caching", line 1 - page 69, line 5). 

As to claims 23 and 26, Damiani et al. teaches further comprising: g) repeating 
steps (c) through (f) for a next node (See page 69, lines 2-5, section 5.3, "Performance 
and caching". The entire document is transformed, so each node must be transformed). 
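
The cache flow recited for claims 21 through 23 and 26, sketched as an added example; this code is not part of the Office action, the application, or Damiani et al. The class and method names, the per-subject scope of the cache, the default-deny rule and the sample policy are all assumptions made for illustration.

```python
from enum import Enum

class Entry(Enum):
    GRANT = "grant"
    DENY = "deny"
    UNKNOWN = "unknown"
    DATA_DEPENDENT = "data-dependent"

class PathAccessCache:
    """Decision cache keyed by node path, for one requesting subject (assumed)."""

    def __init__(self, policy):
        # policy maps path -> (predicate(node) -> bool, is_data_dependent)
        self.policy = policy
        self.entries = {}       # path -> Entry; a missing path means UNKNOWN
        self.evaluations = 0    # counts full policy evaluations

    def _evaluate(self, path, node):
        self.evaluations += 1
        # Paths without a rule are denied (assumed default).
        predicate, data_dependent = self.policy.get(path, (lambda n: False, False))
        return bool(predicate(node)), data_dependent

    def check(self, path, node):
        entry = self.entries.get(path, Entry.UNKNOWN)
        if entry in (Entry.GRANT, Entry.DENY):
            return entry is Entry.GRANT
        # UNKNOWN or DATA_DEPENDENT: the policy has to be evaluated.
        allowed, data_dependent = self._evaluate(path, node)
        if data_dependent:
            # Cache only that evaluation is required, never the content-dependent outcome.
            self.entries[path] = Entry.DATA_DEPENDENT
        else:
            self.entries[path] = Entry.GRANT if allowed else Entry.DENY
        return allowed

    def filter_document(self, nodes):
        """Repeat the check for every (path, node) pair; keep the granted ones."""
        return [(p, n) for p, n in nodes if self.check(p, n)]

# Constructed sample policy and document (not taken from the cited reference).
POLICY = {
    "/order/id": (lambda n: True, False),
    "/order/card": (lambda n: False, False),
    "/order/total": (lambda n: n["value"] < 1000, True),
}
DOC = [("/order/id", {"value": 7}), ("/order/total", {"value": 250}),
       ("/order/card", {"value": 4111}), ("/order/total", {"value": 5000}),
       ("/order/id", {"value": 8})]
```

Caching a grant for `/order/total` after the first node would expose the second one; keeping the entry as data-dependent forces re-evaluation for each node on that path.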

As to claim 24, Damiani et al. teaches a computer readable medium containing 
programming instructions for performing path-level access control evaluation for a 
structured document in a collection, wherein the structured document comprises a 
plurality of nodes and each of the nodes is described by a path (see page 63, section 
3.1, "Identifying authorization objects via path expressions"), the programming
instructions for: 

For the remaining steps of this claim applicant(s) is/are directed to the remarks 
and discussions made in claim 21 above. 

As to claim 27, Damiani et al. teaches system for performing path-level access 
control evaluation for a structured document in a collection, wherein the structured 
document comprises a plurality of nodes and each of the nodes is described by a path 
(see page 63, section 3.1, "Identifying authorization objects via path expressions"), 
comprising: 

For the remaining steps of this claim applicant(s) is/are directed to the remarks 
and discussions made in claim 21 above and see also Figure 1. 

As to claim 29, Damiani et al. teaches further comprising: 

an Access Control mechanism coupled to the database management system for 
determining access control to the node if the cache entry is an unknown (see 
Examiner's comments regarding claim 5) or data-dependent statement (see Examiner's 
comments regarding claim 6). 

As to claim 30, Damiani et al. teaches wherein the Access Control mechanism is 
configured to generate for the path associated with the node a corresponding value 
expression based on an access control policy for the structured document affecting the 
path, wherein the database management system evaluates the corresponding value
expression to determine whether to grant access to the node (see Examiner's 
comments regarding claim 9). 

As to claim 31, Damiani et al. teaches wherein the database management
system is configured to change the cache entry from an unknown statement to a grant 
or deny statement based on a result of the evaluation of the value expression if the 
value expression for the path is not data-dependent and to change the cache entry from 
an unknown statement to a data-dependent statement if the value expression for the 
path is data-dependent (see page 70, section 6.1, "The role of encryption" and see page 
68, section 5.3, "Performance and caching", line 1 - page 69, line 5). 

Additional References 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

The following patents are cited to further show the state of art with respect to 
XML database security caching in general: 



Application/Control Number: 10/648,499    Art Unit: 2165    Page 13

Patent/Pub. No.      Issued to                        Cited for teaching
US 20040193607 A1    Kudo, Michiharu et al.           DB access control
US 20030208490 A1    Larrea, Jean-Jacques et al.      XML DB access control
US 6922695 B2        Skufca; Jim et al.               Secure cache
US 5893086 A         Schmuck; Frank B. et al.         Access control cache
US 6101558 A         Utsunomiya; Naoki et al.         Access control cache
US 6901410 B2        Marron; Pedro Jose et al.        XPath caching
US 6457103 B1        Challenger; James R. H. et al.   Access control cache
US 6798776 B1        Cheriton; David R. et al.        Security cache
US 5193184 A         Belsan; Jay S. et al.            Security cache
US 6249844 B1        Schloss; Robert Jeffrey et al.   XML cache


Conclusion 



8. Any inquiry concerning this communication or earlier communications should be 
directed to the examiner, Mark A. Radtke. The examiner's telephone number is (571) 
272-7163, and the examiner can normally be reached between 9 AM and 5 PM, 
Monday through Friday. 
If attempts to contact the examiner are unsuccessful, the examiner's supervisor,
Jeffrey Gaffin, can be reached at (571) 272-4146. 



Any inquiry of a general nature or relating to the status of this application or 




